¹ UN General Assembly (UNGA), ‘Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security’ (24 June 2013) UN Doc A/68/98, 8 (2013 GGE Report); UNGA, ‘Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security’ (22 July 2015) UN Doc A/70/174, 12 (2015 GGE Report); UNGA, ‘Report of the Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security’ (14 July 2021) UN Doc A/76/135, 17 (2021 GGE Report); Charter of the United Nations (signed 26 June 1945, entered into force 24 October 1945) 1 UNTS XVI. The Group was established pursuant to para 4 of UNGA Res 60/45 (6 January 2006) UN Doc A/RES/60/45.

² UNGA Res 70/237 (30 December 2015) UN Doc A/RES/70/237.

³ UNGA, ‘Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security: Final Substantive Report’ (10 March 2021) UN Doc A/AC.290/2021/CRP.2, 2 (OEWG Final Report).

⁴ See A Henriksen, ‘The End of the Road for the UN GGE Process: The Future Regulation of Cyberspace’ (2019) 5 JCybersecurity tyy009; A Väljataga, ‘Back to Square One? The Fifth UN GGE Fails to Submit a Conclusive Report at the UN General Assembly’ (CCDCOE INCYDER, 1 September 2017) <https://web.archive.org/web/20171109041636/https://ccdcoe.org/back-square-one-fifth-un-gge-fails-submit-conclusive-report-un-general-assembly.html>; F D'Incau and S Soesanto, ‘The UN GGE Is Dead: Time to Fall Forward’ (ECFR, 15 August 2017) <https://www.ecfr.eu/article/commentary_time_to_fall_forward_on_cyber_governance>; E Tikk and M Kerttunen, The Alleged Demise of the UN GGE: An Autopsy and Eulogy (Cyber Policy Institute 2017); J Gold, ‘Unexpectedly, All UN Countries Agreed on a Cybersecurity Report. So What?’ (Council on Foreign Relations, 18 March 2021) <https://www.cfr.org/blog/unexpectedly-all-un-countries-agreed-cybersecurity-report-so-what>; M Schmitt and L Vihul, ‘International Cyber Law Politicized: The UN GGE's Failure to Advance Cyber Norms’ (Just Security, 30 June 2017) <https://www.justsecurity.org/42768/international-cyber-law-politicized-gges-failure-advance-cyber-norms/>; J Gold, ‘A Cyberspace “FIFA” to Set Rules of the Game? UN States Disagree at Second Meeting’ (Council on Foreign Relations, 2 March 2020) <https://www.cfr.org/blog/cyberspace-fifa-set-rules-game-un-states-disagree-second-meeting>.

⁵ See Section III.A. of this article.

⁶ eg, see Coco, A and de Souza Dias, T, ‘“Cyber Due Diligence”: A Patchwork of Protective Obligations in International Law’ (2021) 32 EJIL 771, 772–773CrossRefGoogle Scholar.

⁷ eg, Kulesza, J, Due Diligence in International Law (Brill Nijhoff 2016) 300–2CrossRefGoogle Scholar; Schmitt, MN, ‘In Defense of Due Diligence in Cyberspace’ (2015) 14 YaleLJF 68, 69Google Scholar.

⁸ eg, see Schmitt, MN, Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (2nd edn, CUP 2017) 30–1CrossRefGoogle Scholar; Coco and Dias (n 6).

⁹ 2021 GGE Report (n 1) 10.

¹⁰ And sometimes beyond the territory of a State, see discussion of ICJ case law below.

¹¹ Peters, A, Krieger, H and Kreuzer, L, ‘Due Diligence in the International Legal Order: Dissecting the Leitmotif of Current Accountability Debates’ in Krieger, H, Peters, A and Kreuzer, L (eds), Due Diligence in the International Legal Order (OUP 2020) 2CrossRefGoogle Scholar.

¹² ILA, ‘Study Group on Due Diligence in International Law – Mandate’ (International Law Association, 2012) <https://www.ila-hq.org/en_GB/documents/mandate-2>; ‘ILA Study Group on Due Diligence in International Law: Second Report’ (International Law Association, July 2016) <https://www.ila-hq.org/en_GB/documents/draft-study-group-report-johannesburg-2016>.

¹³ ‘ILA Study Group on Due Diligence in International Law: First Report’ (International Law Association, 7 March 2014) <https://www.ila-hq.org/en_GB/documents/first-report-washington-dc-2014>; ILA, ‘Resolution No.8/2016: Study Group on Due Diligence in International Law’ (International Law Association, 11 August 2016) <https://www.ila-hq.org/en_GB/documents/conference-study-group-resolution-english-johannesburg-2016>.

¹⁴ ILA, ‘Resolution No.8/2016’ ibid.

¹⁵ See McDonald, N, ‘The Role of Due Diligence in International Law’ (2019) 68 ICLQ 1041, 1043CrossRefGoogle Scholar; Peters, Krieger and Kreuzer (n 11) 8–9.

¹⁶ Koivurova, T, ‘Due Diligence’ in Wolfrum, R (ed), Max Planck Encyclopedia of Public International Law (OUP 2010)Google Scholar.

¹⁷ South China Sea Arbitration (Philippines v China) (Award) PCA Case No 2013-19, ICGJ 495, 744.

¹⁸ Corfu Channel Case (UK v Albania) (Merits) [1949] ICJ Rep 4, 22; Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosnia and Herzegovina v Serbia and Montenegro) (Judgment) [2007] ICJ Rep 43, para 430; Pulp Mills on the River Uruguay (Argentina v Uruguay) (Judgment) [2010] ICJ Rep 14, paras 101, 197, 204, 223; Certain Activities Carried Out by Nicaragua in the Border Area (Costa Rica v Nicaragua) and Construction of a Road in Costa Rica along the San Juan River (Nicaragua v Costa Rica) (Judgment) [2015] ICJ Rep 665, paras 104, 153, 168, 228.

¹⁹ Responsibilities and Obligations of States Sponsoring Persons and Entities with Respect to Activities in the Area (Advisory Opinion of 1 February 2011, Seabed Disputes Chamber) ITLOS Reports 2011, paras 110–112, 117–120, 131–132; Request for an Advisory Opinion Submitted by the Sub-Regional Fisheries Commission (Advisory Opinion of 2 April 2015) ITLOS Reports 2015, paras 125–132, 146–150.

²⁰ Generally, see Boyle, A and Redgwell, C, Birnie, Boyle, and Redgwell's International Law and the Environment (4th edn, OUP 2021) ch 3CrossRefGoogle Scholar.

²¹ eg, international human rights law, Council of Europe Convention on Preventing and Combating Violence Against Women and Domestic Violence (adopted 11 May 2011, entered into force 1 August 2014) CETS No 210, art 5(1)–(2); also see the development of due diligence obligations in the fields of the law of neutrality and the law of aliens; Peters, A, Krieger, H and Kreuzer, L, ‘Due Diligence: The Risky Risk Management Tool in International Law’ (2020) 9 CILJ 121, 123; Koivurova (n 16)CrossRefGoogle Scholar.

²² Koivurova ibid.

²³ Peters, Krieger and Kreuzer (n 11) 2.

²⁴ H Krieger and A Peters, ‘Due Diligence and Structural Change in the International Legal Order’ in Krieger, Peters and Kreuzer (eds) (n 11) 374.

²⁵ Peters, Krieger and Kreuzer (n 21) 127–9.

²⁶ Krieger and Peters (n 24) 374.

²⁷ Peters, Krieger and Kreuzer (n 11) 11.

²⁸ See Pulp Mills (n 18) paras 101, 197, 204, 223; and Request for an Advisory Opinion Submitted by the Sub-Regional Fisheries Commission (n 19) paras 110–112, 117–120, 131–132.

²⁹ UNGA, ‘Report of the United Nations Conference on Environment and Development (Rio de Janeiro, 3–14 June 1992)’ (12 August 1992) UN Doc A/CONF.151/26 (Vol. I).

³⁰ ILC, ‘Report of the International Law Commission on the Work of its Fifty-Third Session’ (23 April–1 June, 2 July–10 August 2001) UN Doc GAOR A/56/10, Text of the Draft Articles with Commentaries Thereto: Prevention of Transboundary Harm from Hazardous Activities, 144–170.

³¹ Boyle and Redgwell (n 20) 152–3.

³² ‘The duty of due diligence … is not intended to guarantee that significant harm be totally prevented, if it is not possible to do so’, ILC (n 30) commentary to art 3, 154.

³³ Boyle and Redgwell (n 20) 153; ILC, ‘Report of the International Law Commission on the Work of its Forty-Sixth Session (2 May–22 July 1994) UN Doc A/49/10, Draft Articles on the Law of the Non-Navigational Uses of International Watercourses, commentary to art 7, 103.

³⁴ ILC (n 30) commentary to art 3, 154.

³⁵ Peters, Krieger and Kreuzer (n 21) 124–5; Peters, Krieger and Kreuzer (n 11) 12.

³⁶ Max Planck Institute for Comparative Public Law and International Law, ‘Due Diligence in International Law: About the Project’ <https://web.archive.org/web/20210508170443/https://www.mpil.de/en/pub/research/areas/public-international-law/due-diligence-in-international.cfm>.

³⁷ Krieger, Peters and Kreuzer (eds) (n 11); Peters, Krieger and Kreuzer (n 21).

³⁸ eg, see Kulesza (n 7).

³⁹ Peters, Krieger and Kreuzer (n 11) 9.

⁴⁰ See McDonald (n 15) 1045–8; and Peters, Krieger and Kreuzer (n 21).

⁴¹ McDonald ibid 1044; A Ollino, Due Diligence Obligations in International Law (CUP 2022) 57.

⁴² McDonald ibid 1044–5.

⁴³ Art 6 of the Washington Treaty (1871) between the US and the UK, entered into as a means to conclude the Alabama Claims.

⁴⁴ Alabama Claims of the United States of America against Great Britain, Award rendered on 14 September 1872 by the tribunal of arbitration established by art I of the Treaty of Washington of 8 May 1871.

⁴⁵ Brent, R, ‘The Alabama Claims Tribunal: The British Perspective’ (2022) 44 IntlHistRev 21, 58Google Scholar.

⁴⁶ Trail Smelter Arbitration (United States v Canada), Ad Hoc International Arbitral Tribunal (11 March 1941) 3 UNRIAA 1911, 1938.

⁴⁷ RA Miller, ‘Trail Smelter Arbitration’ in R Wolfrum (ed), Max Planck Encyclopedia of Public International Law (OUP 2007). The Trail Smelter Awards have found tracking within the ICJ in the context of international environmental law, eg, in the Gabčíkovo-Nagymaros Case the Court stated that ‘[t]he existence of the general obligation of States to ensure that activities within their jurisdiction and control respect the environment of other States or of areas beyond national control is now part of the corpus of international law relating to the environment’, Case concerning the Gabčíkovo-Nagymaros Project (Hungary v Slovakia) (Judgment) [1997] ICJ Rep 7, para 53.

⁴⁸ Corfu Channel (n 18) 22.

⁴⁹ M Waibel, ‘Corfu Channel Case’ in R Wolfrum (ed), Max Planck Encyclopedia of Public International Law (OUP 2013).

⁵⁰ Corfu Channel (n 18) 22.

⁵¹ The basis of the UK claim is that the ships in question were exercising their right of innocent passage, Corfu Channel (n 18) 10; the Court refers to the right of innocent passage throughout the judgment, eg, recognizing that ‘[i]t is, in the opinion of the Court, generally recognized and in accordance with international custom that States in time of peace have a right to send their warships through straits used for international navigation between two parts of the high seas without the previous authorization of a coastal State, provided that the passage is innocent. Unless otherwise prescribed in an international convention, there is no right for a coastal State to prohibit such passage through straits in time of peace.’ ibid 28 (emphasis in original).

⁵² S Heathcote, ‘State Omissions and Due Diligence: Aspects of Fault, Damage and Contribution to Injury in the Law of State Responsibility’ in K Bannelier, T Christakis and S Heathcote (eds), The ICJ and the Evolution of International Law: The Enduring Impact of the Corfu Channel Case (Routledge 2012) 299.

⁵³ Pulp Mills (n 18).

⁵⁴ Vienna Convention on the Law of Treaties (signed 23 May 1969, entered into force 27 January 1980) 1155 UNTS 331.

⁵⁵ Pulp Mills (n 18) para 101.

⁵⁶ ibid.

⁵⁷ Armed Activities on the Territory of the Congo (Democratic Republic of Congo v Uganda) (Judgment) [2005] ICJ Rep 168.

⁵⁸ ibid, para 189.

⁵⁹ The DRC alleged breaches of arts 27, 32 and 53 of the fourth Geneva Convention.

⁶⁰ ibid, para 345.

⁶¹ Prevention and Punishment of the Crime of Genocide (n 18).

⁶² ibid, para 429.

⁶³ The Court cited Convention against Torture and Other Cruel, Inhuman and Degrading Treatment or Punishment (adopted 10 December 1984, entered into force 26 June 1987) 1465 UNTS 85, art 2; Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons, Including Diplomatic Agents 1973 (adopted 14 December 1973, entered into force 20 February 1977) 1035 UNTS 167, art 4; Convention on the Safety of United Nations and Associated Personnel 1994 (adopted 9 December 1994, entered into force 15 January 1999) 2051 UNTS 363, art 11; and International Convention on the Suppression of Terrorist Bombings (adopted 15 December 1997, entered into force 23 May 2001) 2149 UNTS 256, art 15.

⁶⁴ McDonald (n 15) 1047–8. As Peters et al observe: ‘anyone who wants to identify and circumscribe, in a more exacting way, the due diligence obligations (both procedural and substantive) must always look at the substantive standards of the specific regime. This is what the ICJ opined in the Bosnian Genocide case, with regard to the related obligation of prevention.’ Peters, Krieger and Kreuzer (n 21) 133.

⁶⁵ Peters, Krieger and Kreuzer ibid 133.

⁶⁶ Prevention and Punishment of the Crime of Genocide (n 18) para 429 (emphasis added).

⁶⁷ Certain Activities Carried out by Nicaragua and Construction of a Road in Costa Rica (n 18).

⁶⁸ ibid, para 105.

⁶⁹ As stated by McDonald, ‘it is not to an “obligation of due diligence” as such which the ICJ looks in any given case, but to the applicable rules of international law. The exercise carried out by the Court is one of examining: a] the scope of the customary rule, or extent of jurisdiction of the treaty regime which is alleged to have been breached; b) the level of control exerted, or of jurisdiction exercised, by the State in order to determine any corresponding obligation; and c] whether the State's responsibility is engaged through its actions. Due diligence may feature as an idea within any of these analyses by reference to a primary rule.’ McDonald (n 15) 1048–9.

⁷⁰ Ollino (n 41) 54.

⁷¹ McDonald (n 15) 1048.

⁷² I Papanicolopulu, ‘Due Diligence in the Law of the Sea’ in Krieger, Peters and Kreuzer (eds) (n 11) 150.

⁷³ J Crawford, The International Law Commission's Articles on State Responsibility: Introduction, Text and Commentaries (CUP 2005) 13 (emphasis added).

⁷⁴ Peters, Krieger and Kreuzer (n 11) 2.

⁷⁵ McDonald (n 15) 1041.

⁷⁶ See Responsibilities and Obligations of States (n 19) para 110; Pulp Mills (n 18) para 187.

⁷⁷ Ollino (n 41) 57.

⁷⁸ Peters, Krieger and Kreuzer (n 21) 122 (emphasis in original).

⁷⁹ ibid 121, 134 (fn 58).

⁸⁰ ibid 132.

⁸¹ ibid 132–3.

⁸² See Boyle and Redgwell (n 20) 218.

⁸³ McDonald (n 15) 1045.

⁸⁴ J Crawford, Brownlie's Principles of Public International Law (9th edn, OUP 2019) 544.

⁸⁵ See McDonald (n 15) 1049–54.

⁸⁶ As reflected by the ILC's Draft Conclusions on Identification of Customary International Law, ‘[t]o determine the existence and content of a rule of particular customary international law, it is necessary to ascertain whether there is a general practice among the States concerned that is accepted by them as law (opinio juris) among themselves’, ILC, ‘Report of the International Law Commission, Seventieth Session’ (30 April–1 June and 2 July–10 August 2018) UN Doc A/73/10, Draft Conclusions on Identification of Customary International Law, 154.

⁸⁷ Including Australia, Brazil, China, Estonia, France, Germany, India, Indonesia, Japan, Jordan, Kazakhstan, Kenya, Mauritius, Mexico, Morocco, Netherlands, Norway, Romania, Russian Federation, Singapore, South Africa, Switzerland, UK, US and Uruguay; see 2021 GGE Report (n 1).

⁸⁸ 2021 GGE Report (n 1) 10.

⁸⁹ ibid 8 (emphasis added).

⁹⁰ 2015 GGE Report (n 1) 7, 8.

⁹¹ DB Hollis, ‘International Law and State Cyber Operations: Improving Transparency’ (21 January 2019) OEA/Ser.Q, CJI/doc. 578/19, 2 <http://www.oas.org/en/sla/iajc/docs/CJI_doc_578-19.pdf>; AM Sukumar, ‘The UN GGE Failed. Is International Law in Cyberspace Doomed As Well?’ (Lawfare, 4 July 2017) <https://www.lawfareblog.com/un-gge-failed-international-law-cyberspace-doomed-well>.

⁹² UNGA Res 70/237 (n 2).

⁹³ See references made, in particular, in UNGA, ‘Open-ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security: Chair's Summary’ (10 March 2021) UN Doc A/AC.290/2021/CRP.3, Annex, 10–20.

⁹⁴ See Henriksen (n 4); Väljataga (n 4); D'Incau and Soesanto (n 4); Tikk and Kerttunen (n 4); Gold, ‘Unexpectedly, All UN Countries Agreed on a Cybersecurity Report. So What?’ (n 4); Schmitt and Vihul (n 4); Gold, ‘A Cyberspace “FIFA” to Set Rules of the Game?’ (n 4).

⁹⁵ See analysis in Section II of this article.

⁹⁶ See Kulesza (n 7) 300–2; Schmitt (n 7); for an exploration of relevant ICJ jurisprudence on this subject, see T Mikanagi, ‘Application of the Due Diligence Principle to Cyber Operations’ (2021) 97 IntlLStud 1019.

⁹⁷ Schmitt (n 8) 30; R Buchan, ‘Cyberspace, Non-State Actors and the Obligation to Prevent Transboundary Harm’ (2016) 21 JC&SL 429; F Delerue, Cyber Operations and International Law (CUP 2020) 353–75, 358.

⁹⁸ Japan is a State that is keen to establish obligations of due diligence in cyberspace. Japan asserts that ‘States have a due diligence obligation regarding cyber operations under international law’, whilst also noting that ‘[t]he outer limit of the due diligence obligation of territorial States with respect to cyber operations is not necessarily clear’, UNGA, ‘Official Compendium of Voluntary National Contributions on the Subject of How International Law Applies to the Use of Information and Communications Technologies by States Submitted by Participating Governmental Experts in the Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security Established Pursuant to General Assembly Resolution 73/266’ (13 July 2021) UN Doc A/76/136, 48; Ministry of Foreign Affairs of Japan, ‘Basic Position of the Government of Japan on International Law Applicable to Cyber Operations’ (28 May 2021) 5–6 <https://www.mofa.go.jp/files/100200935.pdf>; Oxford Institute For Ethics, Law and Armed Conflict, ‘Cyber Due Diligence’ <https://www.elac.ox.ac.uk/research/cyber-due-diligence/>.

⁹⁹ A Coco and T de Souza Dias, ‘Part I: Due Diligence and COVID-19: States’ Duties to Prevent and Halt the Coronavirus Outbreak’ (EJIL: Talk!, 24 March 2020) <https://www.ejiltalk.org/part-i-due-diligence-and-covid-19-states-duties-to-prevent-and-halt-the-coronavirus-outbreak/>; T de Souza Dias and A Coco, ‘Part II: Due Diligence and COVID-19: States’ Duties to Prevent and Halt the Coronavirus Outbreak’ (EJIL: Talk!, 25 March 2020) <https://www.ejiltalk.org/part-ii-due-diligence-and-covid-19-states-duties-to-prevent-and-halt-the-coronavirus-outbreak/>; T de Souza Dias and A Coco, ‘Part III: Due Diligence and COVID-19: States’ Duties to Prevent and Halt the Coronavirus Outbreak’ (EJIL: Talk!, 25 March 2020) <https://www.ejiltalk.org/part-iii-due-diligence-and-covid-19-states-duties-to-prevent-and-halt-the-coronavirus-outbreak/>; T Dias and A Coco, Cyber Due Diligence in International Law (Oxford Institute for Ethics, Law and Armed Conflict 2022) <https://www.elac.ox.ac.uk/wp-content/uploads/2022/02/Final-Report-BSG-ELAC-CyberDueDiligenceInInternationalLaw.pdf>; Coco and Dias (n 6).

¹⁰⁰ See discussion of ICJ case law above, in particular the Genocide case, where the Court recognized that due diligence obligations are based in primary rules and explicitly cautioned against the transposition of the content of due diligence obligations from one area of international law to another, Prevention and Punishment of the Crime of Genocide (n 18) para 429.

¹⁰¹ Kulesza (n 7).

¹⁰² ibid 300–2.

¹⁰³ Including due diligence obligations in international environmental law, law of the sea, law of international watercourses, protection of foreigners, and law of diplomatic relations, see ibid 221–61.

¹⁰⁴ ibid 301.

¹⁰⁵ ibid 300.

¹⁰⁶ Schmitt (n 7) 71–9.

¹⁰⁷ ibid 69.

¹⁰⁸ MN Schmitt, Tallinn Manual on the International Law Applicable to Cyber Warfare (CUP 2013) 26–9.

¹⁰⁹ Schmitt (n 8) 30.

¹¹⁰ See Kulesza (n 7).

¹¹¹ Schmitt (n 8) 30.

¹¹² ibid 31.

¹¹³ ibid, citing Corfu Channel (n 18) 22.

¹¹⁴ Schmitt ibid 30; and that ‘[t]he Experts further observed that the due diligence principle has long been reflected in jurisprudence; it is a general principle that has been particularised in specialised regimes of international law’, ibid 31.

¹¹⁵ J Klabbers, International Law (2nd edn, CUP 2017) 38.

¹¹⁶ See M Wood, ‘Customary International Law and the General Principles of Law Recognized by Civilized Nations’ (2019) 21 ICLR 307; M Vázquez-Bermúdez and A Crosato, ‘General Principles of Law: The First Debate within the International Law Commission and the Sixth Committee’ (2020) 19 ChineseJIL 157, 168–71; O Pomson, ‘General Principles of Law Formed Within the International Legal System?’ (EJIL: Talk!, 12 July 2022) <https://www.ejiltalk.org/general-principles-of-law-formed-within-the-international-legal-system/>.

¹¹⁷ The Tallinn Manual 2.0 states that ‘because State cyber practice is mostly classified and publicly available expressions of opinio juris are sparse, it is difficult to definitively identify any cyber-specific customary international law’, Schmitt (n 8) 3; Wood, the Special Rapporteur of the ILC's work on the identification of customary international law, considers that the requirements for the identification and development or evolution of customary international law share the same twin criteria of State practice and opinio juris, M Wood, ‘The Evolution and Identification of the Customary International Law of Armed Conflict’ (2018) 51 VandJTransnatlL 727, 728, citing ILC, ‘ Report of the International Law Commission: Sixty-eighth Session’ (2 May–10 June and 4 July–12 August 2016) UN Doc A/71/10, 81.

¹¹⁸ Corfu Channel (n 18) 10.

¹¹⁹ Schmitt (n 8) 31.

¹²⁰ McDonald (n 15) 1048.

¹²¹ In Military and Paramilitary Activities in and against Nicaragua (Nicaragua v US) (Merits) [1986] ICJ Rep 14, paras 154–156, recalling Corfu Channel, the Court stated that whether a State knew or should have known about occurrences on its territory must be established on a case-by-case basis. Also see ILA First Report (n 13) 12.

¹²² As the UK acknowledges, ‘common ground [among States] also extends to an appreciation that we must carefully preserve the space for perfectly legitimate everyday cyber activity which traverses multiple international boundaries millions of times a second’, UK Government, ‘Speech: International Law in Future Frontiers, Attorney General Suella Braverman’ (GOV.UK, 19 May 2022) <https://www.gov.uk/government/speeches/international-law-in-future-frontiers>.

¹²³ See D Efrony and Y Shany, ‘A Rule Book on the Shelf? Tallinn Manual 2.0 on Cyber Operations and Subsequent State Practice’ (2018) 112 AJIL 583; J Goldsmith and A Loomis, ‘Defend Forward and Sovereignty’ in J Goldsmith (ed), The United States’ Defend Forward Cyber Strategy (OUP 2022) 159–5; and S Watts and T Richard, ‘Baseline Territorial Sovereignty and Cyberspace’ (2018) 22 LewClarkLRev 771, 837.

¹²⁴ See the position of Israel which touches on this issue, R Schöndorf, ‘Israel's Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations’ (2021) 97 IntlLStud 395, 404.

¹²⁵ See D Akande, A Coco and T de Souza Dias, ‘Old Habits Die Hard: Applying Existing International Law in Cyberspace and Beyond’ (EJIL: Talk!, 5 January 2021) <https://www.ejiltalk.org/old-habits-die-hard-applying-existing-international-law-in-cyberspace-and-beyond/>; D Akande, A Coco and T de Souza Dias, ‘Drawing the Cyber Baseline: The Applicability of Existing International Law to the Governance of Information and Communication Technologies’ (2022) 99 IntlLStud 34; Dias and Coco, Cyber Due Diligence in International Law (n 99) 13–57.

¹²⁶ Coco and Dias (n 6) 772.

¹²⁷ ibid 773.

¹²⁸ ibid 773.

¹²⁹ 2021 GGE Report (n 1) 10.

¹³⁰ See discussion in KE Eichensehr, ‘Review of The Tallinn Manual on the International Law Applicable to Cyber Warfare (Michael N. Schmitt ed., 2013)’ (2014) 108 AJIL 585.

¹³¹ See Efrony and Shany (n 123) 585, who found only limited support in State practice for the ‘rules’ presented in the Manuals, leading them to ‘question the degree to which the Tallinn Rules are universally regarded as an acceptable basis for articulating the norms of international law governing cyberoperations’.

¹³² Coco and Dias (n 6) 773.

¹³³ ibid 774.

¹³⁴ ibid 772.

¹³⁵ Also see related arguments made in A Coco and T de Souza Dias, ‘Prevent, Respond, Cooperate: States’ Due Diligence Duties vis-à- vis the COVID-19 Pandemic’ (2020) 11 JIntlHumLegStud 218.

¹³⁶ Council of the European Union, ‘Press Release: Declaration by the High Representative Josep Borrell, on Behalf of the European Union, on Malicious Cyber Activities Exploiting the Coronavirus Pandemic’ (30 April 2020) <https://south.euneighbours.eu/news/declaration-high-representative-josep-borrell-behalf-european-union-2/>.

¹³⁷ Peters, Krieger and Kreuzer (n 21) 121.

¹³⁸ Workshops formed part of the Oxford Process, ‘The Oxford Process’ (Oxford Institute for Ethics, Law and Armed Conflict) <https://www.elac.ox.ac.uk/the-oxford-process/>.

¹³⁹ Coco and Dias (n 6) 805.

¹⁴⁰ ibid 774.

¹⁴¹ ibid 780.

¹⁴² ibid 778–83.

¹⁴³ ibid 774, 783–804.

¹⁴⁴ ibid 774.

¹⁴⁵ In relation to the basis of such arguments, see Akande, Coco and Dias, ‘Old Habits Die Hard’ (n 125); Akande, Coco and Dias, ‘Drawing the Cyber Baseline’ (n 125); Dias and Coco, Cyber Due Diligence in International Law (n 99) 13–57.

¹⁴⁶ 2013 GGE Report (n 1) 8; 2015 GGE Report (n 1) 7; 2021 GGE Report (n 1) 8.

¹⁴⁷ 2015 GGE Report (n 1) 7; also see UNGA, ‘Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security’ (30 July 2010) UN Doc A/65/201, 8, which notes that ‘[g]iven the unique attributes of ICTs, additional norms could be developed over time’ (2010 GGE Report).

¹⁴⁸ OEWG Final Report (n 3) 5.

¹⁴⁹ Heathcote (n 52) 299; see discussion in K Alexander, R Dhumale and J Eatwell, Global Governance of Financial Systems: The International Regulation of Systemic Risk (OUP 2005) 134–54. See further discussion in Section IV of this article.

¹⁵⁰ Peters, Krieger and Kreuzer (n 11) 11; on the status and role of soft law generally, see A Boyle and C Chinkin, The Making of International Law (OUP 2007) 211–29.

¹⁵¹ Prevention and Punishment of the Crime of Genocide (n 18) para 429.

¹⁵² Coco and Dias (n 6) 775–8.

¹⁵³ ibid 774–5.

¹⁵⁴ ibid 775.

¹⁵⁵ Y Shany, ‘Digital Rights and the Outer Limits of International Human Rights Law’ (2023) 24 GermLJ 461, 471.

¹⁵⁶ See McDonald (n 15) 1049–54.

¹⁵⁷ H Moynihan, ‘Aiding and Assisting: Challenges in Armed Conflict and Counterterrorism’ (2016) Chatham House, International Law Programme Research Paper, 15 <https://www.chathamhouse.org/sites/default/files/publications/research/2016-11-11-aiding-assisting-challenges-armed-conflict-moynihan.pdf>.

¹⁵⁸ Ministry of Foreign Affairs of Costa Rica, ‘Costa Rica's Position on the Application of International Law in Cyberspace’ (21 July 2023) 9 <https://docs-library.unoda.org/Open-Ended_Working_Group_on_Information_and_Communication_Technologies_-_(2021)/Costa_Rica_-_Position_Paper_-_International_Law_in_Cyberspace.pdf>; Irish Department of Foreign Affairs, ‘Ireland: Position Paper on the Application of International Law in Cyberspace’ (6 July 2023) para 12 <https://www.dfa.ie/media/dfa/ourrolepolicies/internationallaw/Ireland---National-Position-Paper.pdf>.

¹⁵⁹ Corfu Channel (n 18) 10.

¹⁶⁰ Heathcote (n 52) 299.

¹⁶¹ Waibel (n 49); Ollino (n 41) 54.

¹⁶² See analysis in Section II of this article.

¹⁶³ Prevention and Punishment of the Crime of Genocide (n 18) para 429.

¹⁶⁴ eg, see Lahmann who cites Pulp Mills to assert a positive duty to prevent exists as a customary rule that is applicable in the cyber context, H Lahmann, Unilateral Remedies to Cyber Operations (CUP 2020) 147.

¹⁶⁵ British Claims in the Spanish Zone of Morocco Case (1 May 1925) 2 UNRIAA 615, 649.

¹⁶⁶ Island of Palmas Case (Netherlands v USA) (4 April 1928) 2 UNRIAA 829, 839.

¹⁶⁷ Trail Smelter (n 46) 1965.

¹⁶⁸ British Claims in the Spanish Zone (n 165) 649; English translation: ‘Report of the International Law Commission on its 31st Session’ (1979) II(2) ILC Ybk 98, fn 505.

¹⁶⁹ Island of Palmas (n 166) 839.

¹⁷⁰ Trail Smelter (n 46) 1965.

¹⁷¹ Legality of the Threat or Use of Nuclear Weapons [1996] ICJ Rep 226, para 29 (emphasis added).

¹⁷² Reiterated in Gabčíkovo-Nagymaros (n 47) para 53; and more recently in Pulp Mills (n 18) para 193.

¹⁷³ Prevention and Punishment of the Crime of Genocide (n 18) para 429.

¹⁷⁴ For further context also see the wording of principle 2 of the 1992 Rio Declaration on Environment and Development (n 29), which essentially reaffirms principle 21 of the Stockholm Declaration (The United Nations Conference on the Human Environment held in Stockholm, June 1972) <https://wedocs.unep.org/bitstream/handle/20.500.11822/29567/ELGP1StockD.pdf>.

¹⁷⁵ UN Economic and Social Council, ‘Report of the Secretary-General: Rio Declaration on Environment and Development: Application and Implementation’ (10 February 1997) UN Doc E/CN.17/1997/8, para 23.

¹⁷⁶ Heathcote (n 52) 298.

¹⁷⁷ See R Ago, ‘Fourth Report on State Responsibility’ (1972) II ILC Ybk, 100–6, paras 74–90; concerning foreign State representatives, see R Ago, ‘Seventh Report on State Responsibility’ (1978) I(1) ILC Ybk, 35, para 13, fn 18.

¹⁷⁸ Corfu Channel (n 18) 22.

¹⁷⁹ Ollino (n 41) 54–5 (emphasis added).

¹⁸⁰ Including Ministry of Foreign Affairs of Costa Rica (n 158) 8–9; the Czech Republic, ‘Special Envoy of Czech Republic for Cyberspace, Director of Cybersecurity Department, Statement Dated 11 February 2020, from the Special Envoy of Czech Republic for Cyberspace, Director of Cybersecurity Department at the 2nd Substantive Session of the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security of the First Committee of the General Assembly of the United Nations’ (2nd substantive session of the Open-ended Working Group on developments in the field of information and telecommunications in the context of international security’ (11 February 2020) <https://www.nukib.cz/download/publications_en/CZ%20Statement%20-%20OEWG%20-%20International%20Law%2011.02.2020.pdf>; Denmark, ‘Denmark's Position Paper on the Application of International Law in Cyberspace: Introduction’ (2023) NordicJIL 1, 7–8; Estonia, UNGA, UN Doc A/76/136 (n 98) 26; France, ‘International Law Applied to Operations in Cyberspace’ (2021) 6, 9–10 <https://web.archive.org/web/20220307043619/https://www.defense.gouv.fr/content/download/567648/9770527/file/international+law+applied+to+operations+in+cyberspace.pdf>; Germany, The Federal Government, ‘On the Application of International Law in Cyberspace’ (March 2021) 3, 11 <https://www.auswaertiges-amt.de/blob/2446304/2ae17233b62966a4b7f16d50ca3c6802/on-the-application-of-international-law-in-cyberspace-data.pdf>; Ireland, Irish Department of Foreign Affairs (n 158) 3–4; Italy, ‘Italian Position Paper on “International Law and Cyberspace”’ (2021) 6–7 <https://www.esteri.it/mae/resource/doc/2021/11/italian_position_paper_on_international_law_and_cyberspace.pdf>; Japan takes a somewhat ambiguous position, Ministry of Foreign Affairs of Japan (n 98) 5; the Netherlands, though the position acknowledges that ‘not all countries agree that the due diligence principle constitutes an obligation in its own right under international law’, Government of the Netherlands, ‘Appendix: International Law in Cyberspace, Letter of 5 July 2019 from the Minister of Foreign Affairs to the President of the House of Representatives on the International Legal Order in Cyberspace, Translation’ (26 September 2019) 4–5 <https://www.government.nl/documents/parliamentary-documents/2019/09/26/letter-to-the-parliament-on-the-international-legal-order-in-cyberspace>; Norway, UNGA, UN Doc A/76/136 (n 98) 71–2; Romania, though note the proposal of cyber-specific ‘elements [that must be] cumulatively met’ for such obligations to arise, ibid 76 (2021); Sweden, Government Offices of Sweden, ‘Position Paper on the Application of International Law in Cyberspace’ (July 2022) 4–5 <https://www.government.se/contentassets/3c2cb6febd0e4ab0bd542f653283b140/swedens-position-paper-on-the-application-of-international-law-in-cyberspace.pdf>; and Switzerland, Federal Department of Foreign Affairs, ‘Switzerland's Position Paper on the Application of International Law in Cyberspace’ (2021) 7 <https://www.eda.admin.ch/dam/eda/en/documents/aussenpolitik/voelkerrecht/20210527-Schweiz-Annex-UN-GGE-Cybersecurity-2019-2021_EN.pdf>.

¹⁸¹ eg, see positions of Japan, UNGA, UN Doc A/76/136 (n 98) 48; and the Netherlands, ibid 58; see discussion in KE Eichensehr, ‘Not Illegal: The SolarWinds Incident and International Law’ (2022) 33 EJIL 1263.

¹⁸² eg, see the position of Denmark (n 180) 8.

¹⁸³ See discussion in part III of H Moynihan, ‘Unpacking Due Diligence in Cyberspace’ (2023) 8 JCyberPol <https://doi.org/10.1080/23738871.2023.2250358>.

¹⁸⁴ T Treves, ‘Customary International Law’ in R Wolfrum (ed), Max Planck Encyclopedia of Public International Law (OUP 2006).

¹⁸⁵ eg, see the position of Argentina, Argentina, statement at the Second Substantive Session of the Open-ended Working Group on developments in the field of information and telecommunications in the context of international security (UN, 11 February 2020) <https://media.un.org/en/asset/k18/k18w6jq6eg>; the US, UNGA, UN Doc A/76/136 (n 98) 141; the UK, Foreign, Commonwealth & Development Office, ‘Application of International Law to States’ Conduct in Cyberspace: UK Statement’ (3 June 2021) <https://www.gov.uk/government/publications/application-of-international-law-to-states-conduct-in-cyberspace-uk-statement/application-of-international-law-to-states-conduct-in-cyberspace-uk-statement>; New Zealand, New Zealand Ministry of Foreign Affairs and Trade, ‘The Application of International Law to State Activity in Cyberspace’ (1 December 2020) <https://www.mfat.govt.nz/en/media-and-resources/the-application-of-international-law-to-state-activity-in-cyberspace/>; and Israel, Schöndorf (n 124) 404 (2020).

¹⁸⁶ eg, see the position of Singapore: ‘There is a need for more clarity on the scope and practical applications, if any, of due diligence in cyberspace.’ UNGA, UN Doc A/76/136 (n 98) 84.

¹⁸⁷ eg, see the position of Australia, Australian Government, ‘Annex B: Australia's Position on How International Law Applies to State Conduct in Cyberspace, Australia's International Cyber and Critical Tech Engagement’ (2020) <https://www.internationalcybertech.gov.au/our-work/annexes/annex-b>; Canada, Government of Canada, ‘International Law Applicable in Cyberspace’ (22 April 2022) <https://www.international.gc.ca/world-monde/issues_development-enjeux_developpement/peace_security-paix_securite/cyberspace_law-cyberespace_droit.aspx?lang=eng>; China states generally that ‘[n]o State shall knowingly allow its territory, or territory or ICT facilities, data and information under the control of its government, to be used for ICT activities that undermine national security or interests’, ‘China's Views on the Application of the Principle of Sovereignty in Cyberspace’ (2021) 1–2 <https://documents.unoda.org/wp-content/uploads/2021/12/Chinese-Position-Paper-on-the-Application-of-the-Principle-of-Sovereignty-ENG.pdf>; Poland, ‘The Republic of Poland's Position on the Application of International Law in Cyberspace’ (2022) 4 <https://www.gov.pl/attachment/3203b18b-a83f-4b92-8da2-fa0e3b449131>; see the consensus position of States in the 2021 GGE Report (n 1) 8; and 2015 GGE Report (n 1) 7, 8.

¹⁸⁸ For an assessment of State cyber capabilities, see J Voo, I Hemani and D Cassidy, ‘National Cyber Power Index 2022’ (Belfer Center for Science and International Affairs 2022) <https://www.belfercenter.org/publication/national-cyber-power-index-2022>.

¹⁸⁹ DB Hollis, ‘Improving Transparency: International Law and State Cyber Operations: Fifth Report' (Inter-American Juridical Committee 2020) 7, para 5 <http://www.oas.org/en/sla/iajc/docs/International_Law_and_State_Cyber_Operations_publication.pdf>, citing Hollis (n 91); DB Hollis, ‘Improving Transparency: International Law and State Cyber Operations: Fourth Report' (5 March 2020) OEA/Ser.Q, CJI/doc. 603/20 rev.1 corr.1, 1 <https://www.oas.org/en/sla/iajc/docs/CJI_doc_603-20_rev1_corr1_eng.pdf>.

¹⁹⁰ DB Hollis, ‘Improving Transparency: International Law and State Cyber Operations – Fifth Report’ (7 August 2020) OEA/Ser.Q, CJI/doc. 615/20 rev.1, 2 <https://www.oas.org/en/sla/iajc/docs/CJI-doc_615-20_rev1_ENG.pdf>; Efrony and Shany (n 123) 586.

¹⁹¹ Prevention and Punishment of the Crime of Genocide (n 18) para 429.

¹⁹² Schöndorf (n 124) 404 (emphasis added).

¹⁹³ New Zealand Ministry of Foreign Affairs and Trade (n 185) paras 16, 17.

¹⁹⁴ UK Foreign, Commonwealth & Development Office (n 185) (emphasis added).

¹⁹⁵ UNGA, UN Doc A/76/136 (n 98) 141.

¹⁹⁶ Argentina, statement at the Second Substantive Session of the Open-ended Working Group on developments in the field of information and telecommunications in the context of international security (UN, 11 February 2020) <https://media.un.org/en/asset/k18/k18w6jq6eg>.

¹⁹⁷ UNGA, UN Doc A/76/136 (n 98) 80.

¹⁹⁸ In 2019 the UNGA adopted a resolution by 79 votes to 60 with 33 abstentions to establish an Ad Hoc Committee to elaborate a comprehensive international convention on countering the use of information and communications technologies for criminal purposes; see UNGA Res 74/247 (20 January 2020) UN Doc A/RES/74/247.

¹⁹⁹ ‘Due Diligence’ (International Cyber Law: Interactive Toolkit, 5 May 2022) <https://cyberlaw.ccdcoe.org/wiki/Due_diligence>.

²⁰⁰ North Sea Continental Shelf cases (Federal Republic of Germany/Denmark; Federal Republic of Germany/Netherlands) (Judgment) [1969] ICJ Rep 3, para 74.

²⁰¹ See Efrony and Shany (n 123) 585; Goldsmith and Loomis (n 123) 159–65; Watts and Richard (n 123) 837.

²⁰² US Department of Defense, Summary Department of Defense Cyber Strategy 2018 (2018) 1 <https://media.defense.gov/2018/Sep/18/2002041658/-1/-1/1/CYBER_STRATEGY_SUMMARY_FINAL.PDF>; on the implications of ‘defend forward’ for Rule 4 of the Tallinn Manual 2.0, see Goldsmith and Loomis (n 123).

²⁰³ HM Government, National Cyber Security Strategy 2016–2021 (2016) 33–5 <https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016.pdf>.

²⁰⁴ Parliament of Canada, ‘Government Bill (House of Commons) C-59 (42-1) (Third Reading): An Act Respecting National Security Matters’ (19 June 2018) section 19 <https://www.parl.ca/DocumentViewer/en/42-1/bill/C-59/third-reading#enH3105>.

²⁰⁵ New Zealand Government, New Zealand's Cyber Security Strategy 2019 (Department of the Prime Minister and Cabinet 2019) 13 <https://dpmc.govt.nz/sites/default/files/2019-07/Cyber%20Security%20Strategy.pdf>.

²⁰⁶ Commonwealth of Australia, Department of Foreign Affairs and Trade, Australia's International Cyber Engagement Strategy (October 2017) 54 <https://www.internationalcybertech.gov.au/sites/default/files/2020-11/The%20Strategy.pdf>.

²⁰⁷ eg, the US Department of Defense states that ‘The Department's commitment to defend forward including to counter foreign cyber activity targeting the United States—comports with our obligations under international law and our commitment to the rules-based international order’, Hon PC Ney, Jr, ‘DOD General Counsel Remarks at U.S. Cyber Command Legal Conference’ (U.S. Department of Defense, 2 March 2020) <https://www.defense.gov/Newsroom/Speeches/Speech/Article/2099378/dod-general-counsel-remarks-at-us-cyber-command-legal-conference/>.

²⁰⁸ See J Kenny, ‘France, Cyber Operations and Sovereignty: The “Purist” Approach to Sovereignty and Contradictory State Practice’ (Lawfare, 12 March 2021) <https://www.lawfareblog.com/france-cyber-operations-and-sovereignty-purist-approach-sovereignty-and-contradictory-state-practice>.

²⁰⁹ See Peters et al, ‘There is the danger that States and other international persons simply proclaim due diligence and then do what they want’, Peters, Krieger and Kreuzer (n 21) 134.

²¹⁰ ibid.

²¹¹ ibid.

²¹² The International Code of Conduct for Information Security (2011) may be considered as an attempt to legitimize restrictions of free speech that disregard international human rights obligations; UNGA, ‘Letter Dated 12 September 2011 from the Permanent Representatives of China, the Russian Federation, Tajikistan and Uzbekistan to the United Nations Addressed to the Secretary-General’ (14 September 2011) UN Doc A/66/359; Section (c) of the Code of Conduct.

²¹³ ‘This may give room for more self-selected processes and self-biased national narratives and thereby contribute to an alienation and even disengagement of States from their international legal commitments’, Peters, Krieger and Kreuzer (n 21) 135, 134–5.

²¹⁴ See E MacAskill et al, ‘NSA Files Decoded: Edward Snowden's Surveillance Revelations Explained’ The Guardian (London, 1 November 2013) <http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded>.

²¹⁵ For a general discussion of policy implications in this context, see Moynihan (n 183).

²¹⁶ McDonald (n 15) 1041.

²¹⁷ Schöndorf (n 124) 404.

²¹⁸ See M Schmitt and L Vihul, ‘Respect for Sovereignty in Cyberspace’ (2017) 95 TexLRev 1639; based on Rule 4 of the Tallinn Manual 2.0, Schmitt (n 8) 17–27; see further discussion of ‘sovereignty as a rule’ in M Schmitt, ‘Finland Sets Out Key Positions on International Cyber Law’ (Just Security, 27 October 2020) <https://www.justsecurity.org/73061/finland-sets-out-key-positions-on-international-cyber-law/>; and M Schmitt, ‘The Netherlands Releases a Tour de Force on International Law in Cyberspace: Analysis’ (Just Security, 14 October 2019) <https://www.justsecurity.org/66562/the-netherlands-releases-a-tour-de-force-on-international-law-in-cyberspace-analysis/>; for an objective analysis of these claims, see Goldsmith and Loomis (n 123).

²¹⁹ See N McDonald and A McLeod, ‘“Antisocial Behaviour, Unfriendly Relations”: Assessing the Contemporary Value of the Categories of Unfriendly Acts and Retorsion in International Law’ (2021) 26 JC&SL 421.

²²⁰ See Efrony and Shany (n 123) 588; H Moynihan, ‘The Vital Role of International Law in the Framework for Responsible State Behaviour in Cyberspace’ (2021) 6 JCyberPol 394, 402.

²²¹ eg, see the positions of Brazil, UNGA, UN Doc A/76/136 (n 98) 21–2; China, Permanent Mission of the People's Republic of China, ‘Statement by Counsellor SUN Lei of the Chinese Delegation at the Thematic Discussion on Information and Cyber Security at the First Committee of the 72nd Session of the UNGA’ (23 October 2017) <http://un.china-mission.gov.cn/eng/chinaandun/disarmament_armscontrol/unga/201710/t20171030_8412335.htm>; and Cuba, ‘Declaration by Miguel Rodríguez, Representative of Cuba, at the Final Session of Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security’ (23 June 2017) <https://www.justsecurity.org/wp-content/uploads/2017/06/Cuban-Expert-Declaration.pdf>; E Jensen and S Watts, ‘A Cyber Duty of Due Diligence: Gentle Civilizer or Crude Destabilizer?’ (2017) 95 TexLRev 23, 1555, 1573–4.

²²² Heathcote (n 52) 299; see discussion in Alexander, Dhumale and Eatwell (n 149) 134–54.

²²³ See B Baade, ‘Fake News and International Law’ (2018) 29 EJIL 1357, 1365.

²²⁴ See J Ruggie, C Rees and R Davis, ‘Ten Years After: From UN Guiding Principles to Multi-Fiduciary Obligations’ (2021) 6 BHRJ 179.

²²⁵ See C Macchi and C Bright, ‘Hardening Soft Law: The Implementation of Human Rights Due Diligence Requirements in Domestic Legislation’ in M Buscemi et al (eds), Legal Sources in Business and Human Rights: Evolving Dynamics in International and European Law (Brill 2020).

²²⁶ UN Human Rights Council Open-ended Intergovernmental Working Group (OEIGWG), ‘Third Revised Draft of the Legally Binding Instrument to Regulate, in International Human Rights Law, the Activities of Transnational Corporations and other Business Enterprises’ (17 August 2021) <https://www.ohchr.org/en/hr-bodies/hrc/wg-trans-corp/igwg-on-tnc>.

²²⁷ UNGA, UN Doc A/76/136 (n 98) 76.

²²⁸ Peters, Krieger and Kreuzer (n 21) 133–4.

²²⁹ ibid.

²³⁰ Prevention and Punishment of the Crime of Genocide (n 18) para 429.

²³¹ See Efrony and Shany (n 123); Goldsmith and Loomis (n 123); and Watts and Richard (n 123) 837.

²³² 2013 GGE Report (n 1) 8; 2015 GGE Report (n 1) 7; 2021 GGE Report (n 1) 8.

²³³ 2015 GGE Report (n 1) 7; also see the 2010 GGE Report (n 147) 8, which notes that ‘[g]iven the unique attributes of ICTs, additional norms could be developed over time’.

²³⁴ OEWG Final Report (n 3) 5.

²³⁵ See S Talmon, ‘Determining Customary International Law: The ICJ's Methodology between Induction, Deduction and Assertion’ (2015) 26 EJIL 417. Some authors have challenged certain assertions of the Court where opinio juris did not appear to be present. See Tams, who argues that ‘anything goes in the ascertainment of custom’, in C Tams, ‘Meta-Custom and the Court: A Study in Judicial Law-Making’ (2015) 14 LPICT 51, 79; and Benvenisti, who considers that ‘the ICJ or other tribunals “cheat” by inventing what they refer to as custom’, E Benvenisti, ‘Customary International Law as a Judicial Tool for Promoting Efficiency’ in E Benvenisti and M Hirsch (eds), The Impact of International Law on International Cooperation: Theoretical Perspectives (CUP 2004) 87.

²³⁶ Schmitt (n 8) 31.

²³⁷ See Wood (n 116); Vázquez-Bermúdez and Crosato (n 116) 168–71; Pomson (n 116).

²³⁸ J d'Aspremont, ‘Customary International Law as a Dance Floor: Part I’ (EJIL Talk!, 14 April 2014) <https://www.ejiltalk.org/customary-international-law-as-a-dance-floor-part-i/>.

²³⁹ See J d'Aspremont, ‘Cyber Operations and International Law: An Interventionist Legal Thought’ (2016) 21 JC&SL 575; see recent comments of Akande (Oxford Institute for Ethics, Law and Armed Conflict) in support of such assertions that refer to ‘dangerous gaps in international law framework applicable to cyber operations’, P Berman et al, ‘Panel 12: Cyberwarfare and Other Challenges to the Law of Armed Conflict’ (The London Conference on International Law 2022, Queen Elizabeth II Centre, London, 11 October 2022) <https://vimeo.com/760397545>.

²⁴⁰ See Cybersecurity Tech Accord, ‘Industry Perspective Rejected: Cybersecurity Tech Accord Releases Joint Statement on Veto by UN Cyber Working Group’ (Cybersecurity Tech Accord, 21 July 2022) <https://cybertechaccord.org/industry-perspective-rejected-cybersecurity-tech-accord-regrets-decision-by-states-to-reject-participation-in-un-open-ended-working-group-on-cybersecurity/>.